New changelog entries:
* Non-maintainer upload (greetings from DebCamp/DebConf Taiwan).
* Stop shipping su and break old util-linux version. (See #833256)
- Breaks on old version to force lockstep upgrade, which should
really be a depends-new-version (and can be switched around
together with util-linux once the transition is finished).
Using Breaks/Depends the 'wrong' way around is to make apt
unpack things in the 'right' order (avoiding any gaps where
/bin/su is not available during the upgrade phase).

New changelog entries:
* Non-maintainer upload (greetings from DebCamp/DebConf Taiwan).
* Stop shipping su and break old util-linux version. (See #833256)
- Breaks on old version to force lockstep upgrade, which should
really be a depends-new-version (and can be switched around
together with util-linux once the transition is finished).
Using Breaks/Depends the 'wrong' way around is to make apt
unpack things in the 'right' order (avoiding any gaps where
/bin/su is not available during the upgrade phase).

New changelog entries:
* Non-maintainer upload by the Security Team.
* Reset pid_child only if waitpid was successful.
This is a regression fix for CVE-2017-2616. If su receives a signal like
SIGTERM, it is not propagated to the child. (Closes: #862806)

New changelog entries:
* Non-maintainer upload.
* Reset pid_child only if waitpid was successful.
This is a regression fix for CVE-2017-2616. If su receives a signal like
SIGTERM, it is not propagated to the child. (Closes: #862806)

Import patches-unapplied version 1:4.1.5.1-1ubuntu9.5 to ubuntu/trusty-security

Imported using git-ubuntu import.

Changelog parent: 6581c70922d59c8d692a3f32a2620dfe10d837ac

New changelog entries:
* REGRESSION UPDATE: The patch for CVE-2017-2616 introduced a regression.
If su received a signal like SIGTERM it wasn't propagated to the child.
- debian/patches/CVE-2017-2616-regression.patch: Do not reset the
pid_child to 0 if the child process is still running.
Thanks to Tobias Stoeckmann for the fix and Radu Duta for the report.

Import patches-unapplied version 1:4.2-3.2ubuntu1.17.04.2 to ubuntu/zesty-security

Imported using git-ubuntu import.

Changelog parent: 6c2ec5c7d7d6554c1707aed54dea3f814d5f4fe6

New changelog entries:
* REGRESSION UPDATE: The patch for CVE-2017-2616 introduced a regression.
If su received a signal like SIGTERM it wasn't propagated to the child.
- debian/patches/CVE-2017-2616-regression.patch: Do not reset the
pid_child to 0 if the child process is still running.
Thanks to Tobias Stoeckmann for the fix and Radu Duta for the report.

Import patches-unapplied version 1:4.2-3.1ubuntu5.3 to ubuntu/xenial-security

Imported using git-ubuntu import.

Changelog parent: d7c2b0106613414619b420f689c429a56f2bb804

New changelog entries:
* REGRESSION UPDATE: The patch for CVE-2017-2616 introduced a regression.
If su received a signal like SIGTERM it wasn't propagated to the child.
- debian/patches/CVE-2017-2616-regression.patch: Do not reset the
pid_child to 0 if the child process is still running.
Thanks to Tobias Stoeckmann for the fix and Radu Duta for the report.

Import patches-unapplied version 1:4.2-3.2ubuntu1.16.10.2 to ubuntu/yakkety-security

Imported using git-ubuntu import.

Changelog parent: 22a396dc72204277f1b19b28702151fc5b289fb7

New changelog entries:
* REGRESSION UPDATE: The patch for CVE-2017-2616 introduced a regression.
If su received a signal like SIGTERM it wasn't propagated to the child.
- debian/patches/CVE-2017-2616-regression.patch: Do not reset the
pid_child to 0 if the child process is still running.
Thanks to Tobias Stoeckmann for the fix and Radu Duta for the report.

Import patches-unapplied version 1:4.2-3.2ubuntu1.16.10.2 to ubuntu/yakkety-security

Imported using git-ubuntu import.

Changelog parent: 22a396dc72204277f1b19b28702151fc5b289fb7

New changelog entries:
* REGRESSION UPDATE: The patch for CVE-2017-2616 introduced a regression.
If su received a signal like SIGTERM it wasn't propagated to the child.
- debian/patches/CVE-2017-2616-regression.patch: Do not reset the
pid_child to 0 if the child process is still running.
Thanks to Tobias Stoeckmann for the fix and Radu Duta for the report.

Import patches-unapplied version 1:4.2-3.2ubuntu1.16.10.2 to ubuntu/yakkety-security

Imported using git-ubuntu import.

Changelog parent: 22a396dc72204277f1b19b28702151fc5b289fb7

New changelog entries:
* REGRESSION UPDATE: The patch for CVE-2017-2616 introduced a regression.
If su received a signal like SIGTERM it wasn't propagated to the child.
- debian/patches/CVE-2017-2616-regression.patch: Do not reset the
pid_child to 0 if the child process is still running.
Thanks to Tobias Stoeckmann for the fix and Radu Duta for the report.

Import patches-unapplied version 1:4.2-3.2ubuntu1.17.04.2 to ubuntu/zesty-security

Imported using git-ubuntu import.

Changelog parent: 6c2ec5c7d7d6554c1707aed54dea3f814d5f4fe6

New changelog entries:
* REGRESSION UPDATE: The patch for CVE-2017-2616 introduced a regression.
If su received a signal like SIGTERM it wasn't propagated to the child.
- debian/patches/CVE-2017-2616-regression.patch: Do not reset the
pid_child to 0 if the child process is still running.
Thanks to Tobias Stoeckmann for the fix and Radu Duta for the report.

Import patches-unapplied version 1:4.1.5.1-1ubuntu9.5 to ubuntu/trusty-security

Imported using git-ubuntu import.

Changelog parent: 6581c70922d59c8d692a3f32a2620dfe10d837ac

New changelog entries:
* REGRESSION UPDATE: The patch for CVE-2017-2616 introduced a regression.
If su received a signal like SIGTERM it wasn't propagated to the child.
- debian/patches/CVE-2017-2616-regression.patch: Do not reset the
pid_child to 0 if the child process is still running.
Thanks to Tobias Stoeckmann for the fix and Radu Duta for the report.

Import patches-unapplied version 1:4.1.5.1-1ubuntu9.5 to ubuntu/trusty-security

Imported using git-ubuntu import.

Changelog parent: 6581c70922d59c8d692a3f32a2620dfe10d837ac

New changelog entries:
* REGRESSION UPDATE: The patch for CVE-2017-2616 introduced a regression.
If su received a signal like SIGTERM it wasn't propagated to the child.
- debian/patches/CVE-2017-2616-regression.patch: Do not reset the
pid_child to 0 if the child process is still running.
Thanks to Tobias Stoeckmann for the fix and Radu Duta for the report.

Import patches-unapplied version 1:4.2-3.2ubuntu1.17.04.2 to ubuntu/zesty-security

Imported using git-ubuntu import.

Changelog parent: 6c2ec5c7d7d6554c1707aed54dea3f814d5f4fe6

New changelog entries:
* REGRESSION UPDATE: The patch for CVE-2017-2616 introduced a regression.
If su received a signal like SIGTERM it wasn't propagated to the child.
- debian/patches/CVE-2017-2616-regression.patch: Do not reset the
pid_child to 0 if the child process is still running.
Thanks to Tobias Stoeckmann for the fix and Radu Duta for the report.

Import patches-unapplied version 1:4.2-3.2ubuntu1 to ubuntu/yakkety-proposed

Imported using git-ubuntu import.

Changelog parent: 92700e24a50a45a6baf1b7d24be402a152b06962

New changelog entries:
* Merge with Debian; remaining changes:
- debian/passwd.upstart: Add an upstart job to clear locks on
[shadow-]passwd/group.
- debian/login.defs:
+ Update documentation of USERGROUPS_ENAB: with pam_umask, the UPG
handling does not only apply to "former (pre-PAM) uses".
+ Update documentation of UMASK: Explain that USERGROUPS_ENAB
will modify this default for UPGs.
- debian/{source_shadow.py,rules}: Add apport hook
- Pass noupdate to pam_motd call for /run/motd.dynamic, to avoid running
/etc/update-motd.d/* scripts twice.
- debian/patches/1010_extrausers.patch: Add support to passwd for
libnss-extrausers
- debian/patches/1011_extrausers_toggle.patch: extrausers support for
useradd and groupadd
- debian/patches/userns/subuids-nonlocal-users: Don't limit
subuid/subgid support to local users.
* Dropped changes, included in Debian:
- Allow LXC devices (lxc/console, lxc/tty[1234]), used from precise on.
- Add uidmap package based on upstream patches that introduce
newuidmap/newgidmap as well as /etc/subuid and /etc/subgid. Additional
updates on those to widen the default allocation to 65536 uids and gids
and only assign ranges to non-system users.
- debian/patches/1020_fix_user_busy_errors: Call sub_uid_close in all
error cases.
* Dropped changes, included upstream:
- debian/patches/495_stdout-encrypted-password: chpasswd can report
password hashes on stdout.
- debian/patches/496_su_kill_process_group: Kill the child process group,
rather than just the immediate child.
* Fix pam_motd calls so that the second pam_motd is the noupdate one rather
than the first, ensuring /run/motd.dynamic is always populated and shown
on the first login after boot. LP: #1368864.
* Don't call 'pam_exec uname', a change adopted in Debian without
coordination with the Debian PAM maintainer
* Use dh_installinit now for installing the upstart job, as we no longer
generate a dependency on upstart-job.
* Include /etc/sub[ug]id in the list of files to clear locks for on boot.
LP: #1304505
* Add a systemd unit to go with the upstart job, so that lock clearing works
on newer Ubuntu releases.
* add support for "chfn --extrausers" (LP: #1495580)
* debian/patches/1010_extrausers.patch:
- Fix usermod to handle a readonly /etc gracefully (LP: #1562872)
* debian/patches/1010_extrausers.patch:
- Fix usermod to look in extrausers location for basic changes to a
user's passwd info. Fixes changing user's real name in Touch via
AccountsService. (Does not address updating groups yet, since that's
less useful now, as we can't update any system groups.)
* d/p/1021_no_subuids_for_system_users.patch: fix the not creating subuids
for system users. (LP: #1545884)
* Replace debian/passwd.service with debian/passwd.tmpfile, systemd tmpfile
handling has support for removing files for us on boot. Thanks to
Martin Pitt <pitti@ubuntu.com> for the hint.

Import patches-unapplied version 1:4.2-3.2ubuntu1 to ubuntu/yakkety-proposed

Imported using git-ubuntu import.

Changelog parent: 92700e24a50a45a6baf1b7d24be402a152b06962

New changelog entries:
* Merge with Debian; remaining changes:
- debian/passwd.upstart: Add an upstart job to clear locks on
[shadow-]passwd/group.
- debian/login.defs:
+ Update documentation of USERGROUPS_ENAB: with pam_umask, the UPG
handling does not only apply to "former (pre-PAM) uses".
+ Update documentation of UMASK: Explain that USERGROUPS_ENAB
will modify this default for UPGs.
- debian/{source_shadow.py,rules}: Add apport hook
- Pass noupdate to pam_motd call for /run/motd.dynamic, to avoid running
/etc/update-motd.d/* scripts twice.
- debian/patches/1010_extrausers.patch: Add support to passwd for
libnss-extrausers
- debian/patches/1011_extrausers_toggle.patch: extrausers support for
useradd and groupadd
- debian/patches/userns/subuids-nonlocal-users: Don't limit
subuid/subgid support to local users.
* Dropped changes, included in Debian:
- Allow LXC devices (lxc/console, lxc/tty[1234]), used from precise on.
- Add uidmap package based on upstream patches that introduce
newuidmap/newgidmap as well as /etc/subuid and /etc/subgid. Additional
updates on those to widen the default allocation to 65536 uids and gids
and only assign ranges to non-system users.
- debian/patches/1020_fix_user_busy_errors: Call sub_uid_close in all
error cases.
* Dropped changes, included upstream:
- debian/patches/495_stdout-encrypted-password: chpasswd can report
password hashes on stdout.
- debian/patches/496_su_kill_process_group: Kill the child process group,
rather than just the immediate child.
* Fix pam_motd calls so that the second pam_motd is the noupdate one rather
than the first, ensuring /run/motd.dynamic is always populated and shown
on the first login after boot. LP: #1368864.
* Don't call 'pam_exec uname', a change adopted in Debian without
coordination with the Debian PAM maintainer
* Use dh_installinit now for installing the upstart job, as we no longer
generate a dependency on upstart-job.
* Include /etc/sub[ug]id in the list of files to clear locks for on boot.
LP: #1304505
* Add a systemd unit to go with the upstart job, so that lock clearing works
on newer Ubuntu releases.
* add support for "chfn --extrausers" (LP: #1495580)
* debian/patches/1010_extrausers.patch:
- Fix usermod to handle a readonly /etc gracefully (LP: #1562872)
* debian/patches/1010_extrausers.patch:
- Fix usermod to look in extrausers location for basic changes to a
user's passwd info. Fixes changing user's real name in Touch via
AccountsService. (Does not address updating groups yet, since that's
less useful now, as we can't update any system groups.)
* d/p/1021_no_subuids_for_system_users.patch: fix the not creating subuids
for system users. (LP: #1545884)
* Replace debian/passwd.service with debian/passwd.tmpfile, systemd tmpfile
handling has support for removing files for us on boot. Thanks to
Martin Pitt <pitti@ubuntu.com> for the hint.

Import patches-unapplied version 1:4.2-3.2ubuntu1 to ubuntu/yakkety-proposed

Imported using git-ubuntu import.

Changelog parent: 92700e24a50a45a6baf1b7d24be402a152b06962

New changelog entries:
* Merge with Debian; remaining changes:
- debian/passwd.upstart: Add an upstart job to clear locks on
[shadow-]passwd/group.
- debian/login.defs:
+ Update documentation of USERGROUPS_ENAB: with pam_umask, the UPG
handling does not only apply to "former (pre-PAM) uses".
+ Update documentation of UMASK: Explain that USERGROUPS_ENAB
will modify this default for UPGs.
- debian/{source_shadow.py,rules}: Add apport hook
- Pass noupdate to pam_motd call for /run/motd.dynamic, to avoid running
/etc/update-motd.d/* scripts twice.
- debian/patches/1010_extrausers.patch: Add support to passwd for
libnss-extrausers
- debian/patches/1011_extrausers_toggle.patch: extrausers support for
useradd and groupadd
- debian/patches/userns/subuids-nonlocal-users: Don't limit
subuid/subgid support to local users.
* Dropped changes, included in Debian:
- Allow LXC devices (lxc/console, lxc/tty[1234]), used from precise on.
- Add uidmap package based on upstream patches that introduce
newuidmap/newgidmap as well as /etc/subuid and /etc/subgid. Additional
updates on those to widen the default allocation to 65536 uids and gids
and only assign ranges to non-system users.
- debian/patches/1020_fix_user_busy_errors: Call sub_uid_close in all
error cases.
* Dropped changes, included upstream:
- debian/patches/495_stdout-encrypted-password: chpasswd can report
password hashes on stdout.
- debian/patches/496_su_kill_process_group: Kill the child process group,
rather than just the immediate child.
* Fix pam_motd calls so that the second pam_motd is the noupdate one rather
than the first, ensuring /run/motd.dynamic is always populated and shown
on the first login after boot. LP: #1368864.
* Don't call 'pam_exec uname', a change adopted in Debian without
coordination with the Debian PAM maintainer
* Use dh_installinit now for installing the upstart job, as we no longer
generate a dependency on upstart-job.
* Include /etc/sub[ug]id in the list of files to clear locks for on boot.
LP: #1304505
* Add a systemd unit to go with the upstart job, so that lock clearing works
on newer Ubuntu releases.
* add support for "chfn --extrausers" (LP: #1495580)
* debian/patches/1010_extrausers.patch:
- Fix usermod to handle a readonly /etc gracefully (LP: #1562872)
* debian/patches/1010_extrausers.patch:
- Fix usermod to look in extrausers location for basic changes to a
user's passwd info. Fixes changing user's real name in Touch via
AccountsService. (Does not address updating groups yet, since that's
less useful now, as we can't update any system groups.)
* d/p/1021_no_subuids_for_system_users.patch: fix the not creating subuids
for system users. (LP: #1545884)
* Replace debian/passwd.service with debian/passwd.tmpfile, systemd tmpfile
handling has support for removing files for us on boot. Thanks to
Martin Pitt <pitti@ubuntu.com> for the hint.

Import patches-unapplied version 1:4.1.5.1-1.1ubuntu2 to ubuntu/utopic-proposed

Imported using git-ubuntu import.

Changelog parent: 3289b2afbf592e26a3123e4494b5268244ccce47

New changelog entries:
* debian/patches/1010_extrausers.patch:
- Add support to passwd for libnss-extrausers by falling back to the
/var/lib/extrausers/ locations if it exists when updating
passwd or shadow.

Import patches-unapplied version 1:4.1.5.1-1ubuntu9 to ubuntu/trusty-proposed

Imported using git-ubuntu import.

Changelog parent: e1798d263b1279915260fb904c3196dd740aff4a

New changelog entries:
* Set our subuid and subgid range to 65536 uids by default.
* Patch newusers to not add subuids and subgids to system users.
* Patch useradd to not add subuids and subgids to system users and to
regular users who don't fit between uid_min and uid_max.
(This is needed due to adduser not passing --system...)

Import patches-unapplied version 1:4.1.5.1-1ubuntu4.1 to ubuntu/raring-proposed

Imported using git-ubuntu import.

Changelog parent: 05d1996a3b143aa0ea80a3698a61cf5cc51a8a2b

New changelog entries:
* debian/patches/496_su_kill_process_group: Kill the child process group,
rather than just the immediate child; this is needed now that su no
longer starts a controlling terminal when not running an interactive
shell (closes: #713979, LP: #1205407).

Import patches-unapplied version 1:4.1.5.1-1ubuntu4.1 to ubuntu/raring-proposed

Imported using git-ubuntu import.

Changelog parent: 05d1996a3b143aa0ea80a3698a61cf5cc51a8a2b

New changelog entries:
* debian/patches/496_su_kill_process_group: Kill the child process group,
rather than just the immediate child; this is needed now that su no
longer starts a controlling terminal when not running an interactive
shell (closes: #713979, LP: #1205407).

Import patches-unapplied version 1:4.1.5.1-1ubuntu4.1 to ubuntu/raring-proposed

Imported using git-ubuntu import.

Changelog parent: 05d1996a3b143aa0ea80a3698a61cf5cc51a8a2b

New changelog entries:
* debian/patches/496_su_kill_process_group: Kill the child process group,
rather than just the immediate child; this is needed now that su no
longer starts a controlling terminal when not running an interactive
shell (closes: #713979, LP: #1205407).

Import patches-unapplied version 1:4.1.5.1-1ubuntu6 to ubuntu/saucy-proposed

Imported using git-ubuntu import.

Changelog parent: dcf7c9b695dbd5c31b824c98684c01f3e4c374f5

New changelog entries:
* debian/patches/496_su_kill_process_group: Kill the child process group,
rather than just the immediate child; this is needed now that su no
longer starts a controlling terminal when not running an interactive
shell (closes: #713979).

Import patches-unapplied version 1:4.1.5.1-1ubuntu6 to ubuntu/saucy-proposed

Imported using git-ubuntu import.

Changelog parent: dcf7c9b695dbd5c31b824c98684c01f3e4c374f5

New changelog entries:
* debian/patches/496_su_kill_process_group: Kill the child process group,
rather than just the immediate child; this is needed now that su no
longer starts a controlling terminal when not running an interactive
shell (closes: #713979).

Import patches-unapplied version 1:4.1.5.1-1ubuntu6 to ubuntu/saucy-proposed

Imported using git-ubuntu import.

Changelog parent: dcf7c9b695dbd5c31b824c98684c01f3e4c374f5

New changelog entries:
* debian/patches/496_su_kill_process_group: Kill the child process group,
rather than just the immediate child; this is needed now that su no
longer starts a controlling terminal when not running an interactive
shell (closes: #713979).

Import patches-unapplied version 1:4.1.4.2+svn3283-3ubuntu2 to ubuntu/oneiric

Imported using git-ubuntu import.

Changelog parent: a3e4193db3d21a03b6b2655321f55a583914f995

New changelog entries:
* debian/login.defs:
- Update documentation of USERGROUPS_ENAB: with pam_umask, the UPG
handling does not only apply to "former (pre-PAM) uses".
- Update documentation of UMASK: Explain that USERGROUPS_ENAB will modify
this default for UPGs. (Closes: #583971)

Import patches-unapplied version 1:4.1.4.2+svn3283-3ubuntu2 to ubuntu/oneiric

Imported using git-ubuntu import.

Changelog parent: a3e4193db3d21a03b6b2655321f55a583914f995

New changelog entries:
* debian/login.defs:
- Update documentation of USERGROUPS_ENAB: with pam_umask, the UPG
handling does not only apply to "former (pre-PAM) uses".
- Update documentation of UMASK: Explain that USERGROUPS_ENAB will modify
this default for UPGs. (Closes: #583971)

Import patches-unapplied version 1:4.1.4.2-1ubuntu3 to ubuntu/maverick

Imported using git-ubuntu import.

Changelog parent: 8c125758456ea77ee413b1ba11a64bed2d506d78

New changelog entries:
* add ttyO0-3 to debian/securetty.linux, if OMAP kernels are built with
TI's DMA-offloaded driver instead of the default 8250 one the serial tty's
are called like that (LP: #512845).

New changelog entries:
* The "Rollot" release.
* debian/patches/303_login_symlink_attack: Fix a race condition that could
lead to gaining ownership or changing mode of arbitrary files.
Closes: #505271
* debian/patches/304_su.1_synopsis: Fix the su synopsis. username is
referenced in the manpage, not LOGIN. Closes: #501830
* debian/patches/305_login.1_japanese: Fix the path of the utmp and wtmp
files. Closes: #501353